Webex Meetings Server

webex_meetings_server

Vendor: Cisco • 136 CVEs

CVEs (136)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-12257 1Cisco 1Webex Meetings Server May 13, 2026 Oct 5, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system...Show more A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affected system. An attacker could exploit this vulnerability by convincing a user to follow a malicious link or by intercepting a user request and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve96608.Show less
CVE-2017-6753 1Cisco 20Webex Event Center Webex Meeting CenterWebex Meetings+17 more May 13, 2026 Jul 25, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected...Show more A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037.Show less
CVE-2017-6651 1Cisco 1Webex Meetings Server May 13, 2026 May 16, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete conf...Show more A vulnerability in Cisco WebEx Meetings Server could allow unauthenticated, remote attackers to gain information that could allow them to access scheduled customer meetings. The vulnerability is due to an incomplete configuration of the robots.txt file on customer-hosted WebEx solutions and occurs when the Short URL functionality is not activated. All releases of Cisco WebEx Meetings Server later than release 2.5MR4 provide this functionality. An attacker could exploit this vulnerability via an exposed parameter to search for indexed meeting information. A successful exploit could allow the attacker to obtain scheduled meeting information and potentially allow the attacker to attend scheduled, customer meetings. This vulnerability affects the following releases of Cisco WebEx Meetings Server: 2.5, 2.6, 2.7, 2.8. Cisco Bug IDs: CSCve25950.Show less
CVE-2017-3880 1Cisco 1Webex Meetings Server May 13, 2026 Mar 17, 2017 N/A· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728...Show more An Authentication Bypass vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to access limited meeting information on the Cisco WebEx Meetings Server. More Information: CSCvd50728. Known Affected Releases: 2.6 2.7 2.8 CWMS-2.5MR1 Orion1.1.2.patch T29_orion_merge.Show less
CVE-2017-3811 1Cisco 1Webex Meetings Server May 13, 2026 Mar 17, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165...Show more An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.2054.Show less
CVE-2017-3823 1Cisco 6Activetouch General Plugin Container Download ManagerGpccontainer Class+3 more May 13, 2026 Feb 1, 2017 N/A· v4 8.8 HIGH· v3 9.3 HIGH· v2 An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.201...Show more An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plugin before 10031.6.2017.0126 on Internet Explorer, and the Download Manager ActiveX control plugin before 2.1.0.10 on Internet Explorer. A vulnerability in these Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server and Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center) when they are running on Microsoft Windows. The vulnerability is a design defect in an application programing interface (API) response parser within the extension. An attacker that can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.Show less
CVE-2017-3797 1Cisco 1Webex Meetings Server May 13, 2026 Jan 26, 2017 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affecte...Show more A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server. More Information: CSCvb60655. Known Affected Releases: 2.7.Show less
CVE-2017-3796 1Cisco 1Webex Meetings Server May 13, 2026 Jan 26, 2017 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.
CVE-2017-3795 1Cisco 1Webex Meetings Server May 13, 2026 Jan 26, 2017 N/A· v4 5.4 MEDIUM· v3 6.5 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Release...Show more A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.Show less
CVE-2017-3794 1Cisco 1Webex Meetings Server May 13, 2026 Jan 26, 2017 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Aff...Show more A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12.Show less
CVE-2016-1483 1Cisco 1Webex Meetings Server May 6, 2026 Sep 19, 2016 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a denial of service (CPU consumption) by repeatedly accessing the account-validation component of an unspecified service, aka Bug ID CSCuy92704.
CVE-2016-1482 1Cisco 1Webex Meetings Server May 6, 2026 Sep 17, 2016 N/A· v4 8.1 HIGH· v3 9.3 HIGH· v2 Cisco WebEx Meetings Server 2.6 allows remote attackers to execute arbitrary commands by injecting these commands into an application script, aka Bug ID CSCuy83130.
CVE-2016-1484 1Cisco 1Webex Meetings Server May 6, 2026 Aug 23, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass intended access restrictions and obtain sensitive application information via unspecified vectors, aka Bug ID CSCuy92724.
CVE-2016-1448 1Cisco 1Webex Meetings Server May 6, 2026 Jul 17, 2016 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
CVE-2016-1450 1Cisco 1Webex Meetings Server May 6, 2026 Jul 15, 2016 N/A· v4 7.5 HIGH· v3 6.0 MEDIUM· v2 Cisco WebEx Meetings Server 2.6 allows remote authenticated users to conduct command-injection attacks via vectors related to an upload's file type, aka Bug ID CSCuy92715.
CVE-2016-1449 1Cisco 1Webex Meetings Server May 6, 2026 Jul 15, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
CVE-2016-1447 1Cisco 1Webex Meetings Server May 6, 2026 Jul 15, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
CVE-2016-1446 1Cisco 1Webex Meetings Server May 6, 2026 Jul 15, 2016 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
CVE-2016-1389 1Cisco 1Webex Meetings Server May 6, 2026 Apr 28, 2016 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuy44695.
CVE-2016-1309 1Cisco 1Webex Meetings Server May 6, 2026 Feb 7, 2016 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843.

Previous 1 2 3 456 7 Next